CVE-2020-14145

Updated: 2024-11-30 03:13:19.81965

Description:

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 5.9 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 8.4 ELS | openssh | 8.0p1-6 | 5.9 | MEDIUM | Ignored | | 2022-04-28 19:04:59 | |
| CentOS 8.5 ELS | openssh | 8.0p1-10 | 5.9 | MEDIUM | Ignored | | 2022-04-28 19:04:59 | |